Question

我有一个带有TransportWithMessageCredential安全模式的WCF客户端。尝试使用BeforeSendRequest记录请求时

    public object BeforeSendRequest(ref Message request, IClientChannel channel)
    { 
        System.IO.StreamWriter file = new System.IO.StreamWriter("c:\\tmp\\request_log.xml");
        file.WriteLine(request.ToString());
        file.Close();

        return null;
    }

没有安全标签的结果

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
    <s:Header>
        <Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">https://(skiped)</Action>
    </s:Header>
    <s:Body>
    ...
    </s:Body>
</s:Envelope>

如何在客户端中记录完整的原始请求？它一定是这样的

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<s:Header>
<o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<u:Timestamp u:Id="_0">
<u:Created>...</u:Created>
<u:Expires>..</u:Expires>
</u:Timestamp>
<o:BinarySecurityToken>
<!-- Removed-->
</o:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
...
</SignedInfo>
<SignatureValue>...</SignatureValue>
<KeyInfo>
<o:SecurityTokenReference>
...
</o:SecurityTokenReference>
</KeyInfo>
</Signature>
</o:Security>
<Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">skiped</Action>
</s:Header>
<s:Body>
...
</s:Body>
</s:Envelope>

UPD。绑定的安全选项

 <security mode="TransportWithMessageCredential">
    <transport clientCredentialType="None" proxyCredentialType="None"
      realm="" />
   <message clientCredentialType="Certificate" algorithmSuite="Basic256" />
 </security>

Answer 1

This可能会有所帮助：

public object BeforeSendRequest(ref Message request, IClientChannel channel)
{
    MessageBuffer buffer = request.CreateBufferedCopy(Int32.MaxValue);
    request = buffer.CreateMessage();
    Log("Request:" + Environment.NewLine + buffer.CreateMessage());
    return null;
}

Answer 2

我没有在C＃中找到如何做到这一点，但是已经使用了捕获原始请求 Charles SSL proxying

请求包含所有安全标记。

这篇文章给了我很多帮助Tracing-WCF-Messages

Answer 3

您也可以使用免费的Fiddler。如果您的端点是https，请务必使用此

绕过证书验证

ServicePointManager.ServerCertificateValidationCallback = delegate {return true;};

因为Fiddler使用自己的连接无效的证书。

如何从客户端记录完整的原始WCF客户端请求？

3 个答案: